diff options
| -rw-r--r-- | drivers/firewire/fw-device.c | 41 |
1 files changed, 27 insertions, 14 deletions
diff --git a/drivers/firewire/fw-device.c b/drivers/firewire/fw-device.c index 870125a3638e..20ac9a5afc37 100644 --- a/drivers/firewire/fw-device.c +++ b/drivers/firewire/fw-device.c | |||
| @@ -400,6 +400,9 @@ read_rom(struct fw_device *device, int generation, int index, u32 *data) | |||
| 400 | return callback_data.rcode; | 400 | return callback_data.rcode; |
| 401 | } | 401 | } |
| 402 | 402 | ||
| 403 | #define READ_BIB_ROM_SIZE 256 | ||
| 404 | #define READ_BIB_STACK_SIZE 16 | ||
| 405 | |||
| 403 | /* | 406 | /* |
| 404 | * Read the bus info block, perform a speed probe, and read all of the rest of | 407 | * Read the bus info block, perform a speed probe, and read all of the rest of |
| 405 | * the config ROM. We do all this with a cached bus generation. If the bus | 408 | * the config ROM. We do all this with a cached bus generation. If the bus |
| @@ -409,16 +412,23 @@ read_rom(struct fw_device *device, int generation, int index, u32 *data) | |||
| 409 | */ | 412 | */ |
| 410 | static int read_bus_info_block(struct fw_device *device, int generation) | 413 | static int read_bus_info_block(struct fw_device *device, int generation) |
| 411 | { | 414 | { |
| 412 | static u32 rom[256]; | 415 | u32 *rom, *stack; |
| 413 | u32 stack[16], sp, key; | 416 | u32 sp, key; |
| 414 | int i, end, length; | 417 | int i, end, length, ret = -1; |
| 418 | |||
| 419 | rom = kmalloc(sizeof(*rom) * READ_BIB_ROM_SIZE + | ||
| 420 | sizeof(*stack) * READ_BIB_STACK_SIZE, GFP_KERNEL); | ||
| 421 | if (rom == NULL) | ||
| 422 | return -ENOMEM; | ||
| 423 | |||
| 424 | stack = &rom[READ_BIB_ROM_SIZE]; | ||
| 415 | 425 | ||
| 416 | device->max_speed = SCODE_100; | 426 | device->max_speed = SCODE_100; |
| 417 | 427 | ||
| 418 | /* First read the bus info block. */ | 428 | /* First read the bus info block. */ |
| 419 | for (i = 0; i < 5; i++) { | 429 | for (i = 0; i < 5; i++) { |
| 420 | if (read_rom(device, generation, i, &rom[i]) != RCODE_COMPLETE) | 430 | if (read_rom(device, generation, i, &rom[i]) != RCODE_COMPLETE) |
| 421 | return -1; | 431 | goto out; |
| 422 | /* | 432 | /* |
| 423 | * As per IEEE1212 7.2, during power-up, devices can | 433 | * As per IEEE1212 7.2, during power-up, devices can |
| 424 | * reply with a 0 for the first quadlet of the config | 434 | * reply with a 0 for the first quadlet of the config |
| @@ -428,7 +438,7 @@ static int read_bus_info_block(struct fw_device *device, int generation) | |||
| 428 | * retry mechanism will try again later. | 438 | * retry mechanism will try again later. |
| 429 | */ | 439 | */ |
| 430 | if (i == 0 && rom[i] == 0) | 440 | if (i == 0 && rom[i] == 0) |
| 431 | return -1; | 441 | goto out; |
| 432 | } | 442 | } |
| 433 | 443 | ||
| 434 | device->max_speed = device->node->max_speed; | 444 | device->max_speed = device->node->max_speed; |
| @@ -478,26 +488,26 @@ static int read_bus_info_block(struct fw_device *device, int generation) | |||
| 478 | */ | 488 | */ |
| 479 | key = stack[--sp]; | 489 | key = stack[--sp]; |
| 480 | i = key & 0xffffff; | 490 | i = key & 0xffffff; |
| 481 | if (i >= ARRAY_SIZE(rom)) | 491 | if (i >= READ_BIB_ROM_SIZE) |
| 482 | /* | 492 | /* |
| 483 | * The reference points outside the standard | 493 | * The reference points outside the standard |
| 484 | * config rom area, something's fishy. | 494 | * config rom area, something's fishy. |
| 485 | */ | 495 | */ |
| 486 | return -1; | 496 | goto out; |
| 487 | 497 | ||
| 488 | /* Read header quadlet for the block to get the length. */ | 498 | /* Read header quadlet for the block to get the length. */ |
| 489 | if (read_rom(device, generation, i, &rom[i]) != RCODE_COMPLETE) | 499 | if (read_rom(device, generation, i, &rom[i]) != RCODE_COMPLETE) |
| 490 | return -1; | 500 | goto out; |
| 491 | end = i + (rom[i] >> 16) + 1; | 501 | end = i + (rom[i] >> 16) + 1; |
| 492 | i++; | 502 | i++; |
| 493 | if (end > ARRAY_SIZE(rom)) | 503 | if (end > READ_BIB_ROM_SIZE) |
| 494 | /* | 504 | /* |
| 495 | * This block extends outside standard config | 505 | * This block extends outside standard config |
| 496 | * area (and the array we're reading it | 506 | * area (and the array we're reading it |
| 497 | * into). That's broken, so ignore this | 507 | * into). That's broken, so ignore this |
| 498 | * device. | 508 | * device. |
| 499 | */ | 509 | */ |
| 500 | return -1; | 510 | goto out; |
| 501 | 511 | ||
| 502 | /* | 512 | /* |
| 503 | * Now read in the block. If this is a directory | 513 | * Now read in the block. If this is a directory |
| @@ -507,9 +517,9 @@ static int read_bus_info_block(struct fw_device *device, int generation) | |||
| 507 | while (i < end) { | 517 | while (i < end) { |
| 508 | if (read_rom(device, generation, i, &rom[i]) != | 518 | if (read_rom(device, generation, i, &rom[i]) != |
| 509 | RCODE_COMPLETE) | 519 | RCODE_COMPLETE) |
| 510 | return -1; | 520 | goto out; |
| 511 | if ((key >> 30) == 3 && (rom[i] >> 30) > 1 && | 521 | if ((key >> 30) == 3 && (rom[i] >> 30) > 1 && |
| 512 | sp < ARRAY_SIZE(stack)) | 522 | sp < READ_BIB_STACK_SIZE) |
| 513 | stack[sp++] = i + rom[i]; | 523 | stack[sp++] = i + rom[i]; |
| 514 | i++; | 524 | i++; |
| 515 | } | 525 | } |
| @@ -519,11 +529,14 @@ static int read_bus_info_block(struct fw_device *device, int generation) | |||
| 519 | 529 | ||
| 520 | device->config_rom = kmalloc(length * 4, GFP_KERNEL); | 530 | device->config_rom = kmalloc(length * 4, GFP_KERNEL); |
| 521 | if (device->config_rom == NULL) | 531 | if (device->config_rom == NULL) |
| 522 | return -1; | 532 | goto out; |
| 523 | memcpy(device->config_rom, rom, length * 4); | 533 | memcpy(device->config_rom, rom, length * 4); |
| 524 | device->config_rom_length = length; | 534 | device->config_rom_length = length; |
| 535 | ret = 0; | ||
| 536 | out: | ||
| 537 | kfree(rom); | ||
| 525 | 538 | ||
| 526 | return 0; | 539 | return ret; |
| 527 | } | 540 | } |
| 528 | 541 | ||
| 529 | static void fw_unit_release(struct device *dev) | 542 | static void fw_unit_release(struct device *dev) |